MARTIN KUPPINGER
PRINCIPAL ANALYST
© 2020 KUPPINGERCOLE ANALYSTS AG, 7/6/2020
PAM: Privileged Access Management
Among the essential threats to the cyber security landscape is the potential misuse of accounts with high or elevated authorizations on IT systems.
Privileged Access Management helps organizations
• to identify, assess, and appropriately manage their privileged accounts,
• to protect their critical business processes and corporate and financial assets from attacks and fraudulent access,
• to ensure compliance,
• to protect against data breaches.
▪ High privileges
▪ High risk
▪ Not in scope of IAM
▪ Lack of life cycle management
▪ Lack of request management
▪ Not associated with a person
▪ Lack of auditability
[Diagram: capabilities surrounding PAM. IGA (Identity Governance & Administration); Adaptive Authentication; IT Asset Management; SIEM, SOC, SOAR; Cloud Management (e.g. SaaS offerings); ITSM (IT service management); Remote Access Solutions]
Functional distinction
▪ Both IGA and PAM represent important but separate capabilities related to Cyber Security and associated with Identity and Access Management.
▪ IGA manages and monitors unique and trusted identities and their static entitlements as an indispensable foundation for PAM.
▪ PAM has become one of the most relevant areas of Identity and Access Management to identify, secure and manage privileged credentials and their (runtime) access.
Interfaces
▪ IGA and PAM typically interact through proprietary APIs and sometimes via standards as part of an IAM architecture.
03 MOVER PROCESSES
Mover processes must trigger re-assignment of ownership for shared accounts. Mandatorily.
04 ACCESS REVIEWS
Privileged access entitlements and access policies must become part of the regular review process.
[Diagram labels: User; IGA; PAM; Access Management (standard & privileged); Target systems & applications]
Functional distinction
▪ PAM provides crucial technologies for preventing security breaches and credential thefts by provisioning, recertifying and revoking elevated access to and from IT systems.
▪ PAM has direct relevance and impact on an organization’s cybersecurity program. As part of an IAM architecture it is usually considered as part of cybersecurity.
Interfaces
▪ PAM interacts with other cybersecurity services through standardized protocols and APIs as part of IAM as a cybersecurity architecture.
▪ PAM provides logs and user behavior analytics data to cybersecurity peers.
04 NETWORK SECURITY
PAM can protect the operators and administrators of network devices – this is a typical privileged access, frequently using shared accounts.
PAM & ITSM: Integration Points
Where to integrate PAM and ITSM
Functional distinction
▪ Remote access solutions provide isolated point solutions for remote access, usually without a sufficient security, management or governance layer.
▪ PAM also provides mechanisms to access remote or local systems, but it adds a comprehensive set of security, management and governance capabilities, including but by far not limited to session management.
Interfaces
▪ Usually no interfaces are required, as PAM provides a secure and managed alternative to typically insecure remote access solutions.
[Diagram: IDENTITY FABRIC. Digital Services consume the fabric through APIs; core capabilities: Identity Federation, Identity Gov. and UBA, Access Management Service, Privileged Access Mgmt, Identity Provisioning, Identity Management Service, each exposed via APIs and built from microservices; below, Integration and Legacy IAM connects to Legacy Applications]
P: +49 | 211 - 23 70 77 - 0
F: +49 | 211 - 23 70 77 – 11
E: info@kuppingercole.com
www.kuppingercole.com